1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
| /*
http://www.developpez.net/forums/d1409298/c-cpp/cpp/utiliser-sddl-h-windows/#post7657306
*/
#define _WIN32_WINNT 0x502
#define _WINVER 0x500
#include <iostream>
#include <windows.h>
#include <wchar.h>
#include <math.h>
#include <time.h>
#include <Sddl.h>
extern "C"
WINADVAPI BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptor(
/*_In_*/ LPCTSTR StringSecurityDescriptor,
/*_In_*/ DWORD StringSDRevision,
/*_Out_*/ PSECURITY_DESCRIPTOR *SecurityDescriptor,
/*_Out_*/ PULONG SecurityDescriptorSize
);
#define SDDL_REVISION_1 1
using namespace std;
BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
// Define the SDDL for the DACL. This example sets
// the following access:
// Built-in guests are denied all access.
// Anonymous logon is denied all access.
// Authenticated users are allowed
// read/write/execute access.
// Administrators are allowed full control.
// Modify these values as needed to generate the proper
// DACL for your application.
LPCTSTR szSD = TEXT("D:") // Discretionary ACL
TEXT("(D;OICI;GA;;;BG)") // Deny access to
// built-in guests
TEXT("(D;OICI;GA;;;AN)") // Deny access to
// anonymous logon
TEXT("(A;OICI;GRGWGX;;;AU)") // Allow
// read/write/execute
// to authenticated
// users
TEXT("(A;OICI;GA;;;BA)"); // Allow full control
// to administrators
if (NULL == pSA)
return FALSE;
return ConvertStringSecurityDescriptorToSecurityDescriptor(
szSD,
SDDL_REVISION_1,
reinterpret_cast< PSECURITY_DESCRIPTOR * >(&(pSA->lpSecurityDescriptor)),
NULL);
}
int main(void)
{
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,GetCurrentProcessId());
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = FALSE;
LPCTSTR szSD = TEXT("D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)"); // Allow full control
PSECURITY_DESCRIPTOR psd = NULL;
if (!ConvertStringSecurityDescriptorToSecurityDescriptor(szSD, SDDL_REVISION_1, &psd, NULL))
wcout << L"erreur convertstring..." << endl;
sa.lpSecurityDescriptor = psd;
if (!SetKernelObjectSecurity(hProcess, DACL_SECURITY_INFORMATION, psd))
wcout << L"false" << endl;
Sleep(20000);
} |
Partager